
Information Technology Department
Policy Document
Key management processes and procedures for keys used for encryption of cardholder data will be documented and implemented for:
Generation of strong keys-
Q1:- Key generation process and logic with description.
A customer managed key is created in AWS IAM.
Q2:- Data encryption key description
1) Using the access key ID and secret key, the system connects to AWS KMS and places a request to AWS KMS by sending (key ID + algorithm + key size). The response returns a data key.
2) Using the above data key, the sensitive plain-text information is encrypted using the AES-256 algorithm on the local system, then encoded using Base64. The resulting string is stored in the local database.
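The data-key flow of steps 1 and 2 (request a data key from KMS, encrypt the field locally with AES-256, Base64-encode, store), written out as an added example in Go. This is not code from the policy document or from the system it describes, and it uses only the Go standard library. `StubKMS` is a hypothetical local stand-in for the AWS KMS GenerateDataKey and Decrypt calls so that the example runs offline; a real deployment makes those calls through the AWS SDK with the application's IAM credentials, and the customer managed key never leaves KMS. The `Record` type, the function names and the sample PAN are all constructed for the example. It goes slightly beyond the text in two places: it uses the authenticated GCM mode of AES-256 rather than an unspecified mode, and it stores the KMS-wrapped data key beside the ciphertext, which is what allows the field to be decrypted later without any plaintext data key being kept.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// StubKMS is a hypothetical offline stand-in for AWS KMS: with the real service
// the CMK never leaves KMS and calls go through the AWS SDK with IAM credentials.
type StubKMS struct{ cmk []byte }

func NewStubKMS() StubKMS { return StubKMS{cmk: randomBytes(32)} }

// GenerateDataKey returns a fresh 256-bit AES key, one per encrypted field, as
// plaintext for immediate use and wrapped under the CMK, the only form stored.
func (k StubKMS) GenerateDataKey() (plain, wrapped []byte, err error) {
	plain = randomBytes(32)
	wrapped, err = gcmSeal(k.cmk, plain)
	return plain, wrapped, err
}

// Decrypt unwraps a data key; real KMS authorises this through the key policy.
func (k StubKMS) Decrypt(wrapped []byte) ([]byte, error) { return gcmOpen(k.cmk, wrapped) }

// Record is the row written to the local database: Base64 text only.
type Record struct{ Ciphertext, WrappedKey string }

// EncryptField is steps 1 and 2 of the policy: obtain a data key, encrypt locally
// with AES-256 (GCM, so tampering is detected) and Base64-encode the result.
func EncryptField(kms StubKMS, plaintext []byte) (Record, error) {
	key, wrapped, err := kms.GenerateDataKey()
	if err != nil {
		return Record{}, err
	}
	ct, err := gcmSeal(key, plaintext)
	if err != nil {
		return Record{}, err
	}
	enc := base64.StdEncoding.EncodeToString
	return Record{Ciphertext: enc(ct), WrappedKey: enc(wrapped)}, nil
}

// DecryptField is the read path: unwrap the data key through KMS, then open.
func DecryptField(kms StubKMS, r Record) ([]byte, error) {
	wrapped, err1 := base64.StdEncoding.DecodeString(r.WrappedKey)
	ct, err2 := base64.StdEncoding.DecodeString(r.Ciphertext)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	key, err := kms.Decrypt(wrapped)
	if err != nil {
		return nil, err
	}
	return gcmOpen(key, ct)
}

// gcmSeal returns nonce || ciphertext || tag under AES-256-GCM.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// gcmOpen reverses gcmSeal and fails on any modification of the blob.
func gcmOpen(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// randomBytes panics if the CSPRNG fails: there is no safe way to continue.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
```

Each call to `EncryptField` obtains its own data key and nonce, so two encryptions of the same value produce different records. `DecryptField` returns an error rather than garbage if the stored ciphertext or wrapped key has been altered, or if the wrapped key was produced under a different customer managed key. The wrapped data key here is protected with AES-256-GCM; the PBEWithMD5AndDES scheme named under secure key distribution below is built on MD5 and single DES, both of which have been deprecated for many years, and it is not reproduced in this example.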
Secure key distribution-
Q1:- How the keys are distributed securely.
AWS IAM keys are split into two halves.
Q2:- Handling process
The key ID is split into two parts.
1) One part is stored in the database.
2) The second part is placed in the application properties file after encryption using the PBEWithMD5AndDES algorithm, and is decrypted at run time by the application.
3) The above two parts are concatenated at run time.
Key Management & Card Data Encryption Policy, Page 3